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==Phnack Inc.== 

Volume 0x0e, Issue 0x44, Phile #0x01 of 0x13 



■=[ Introduction ]=■ 



■=[ by the Phrack staff ]=■ 



•=[ April 14, 2012 ]=■ 



"C is quirky, flawed, and an enormous success." 

-- Dennis Ritchie 



October 2011 , a legend has fallen. 
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Dennis Ritchie., proud father of nothing less than our beloved C language 
and UNIX operating system, is gone. While the world has been crying over 
the loss of Steve Dobs, little has been written about Dennis' death. Saying 
that his inventions influenced the hacking community in a way even he 
probably never knew is _not_ an exaggeration. Think about it: how many of 
us became hackers because we discovered C, related bugs or UNIX? 

Dennis, the world might not be aware of your unbelievable contribution but 
we are. Farewell dear friend, may you rest in peace. 

-- anonymous bug hunter 



( Dark Thoughts ) 

Today I woke up thinking about the death of this Chinese little girl [1]. I 
felt bad. It's true that watching the youtube video was disturbing but 
something kept hitting my mind. What if the incident had occurred in my 
country? Would people really have behaved any differently? I have doubts. 
Dust because a video leaked on the Internet people conveniently blamed 
China, a country both controverted and feared. 

What if the modern society in general was tending to slowly become amoral 
and cold? A proof is that we all watched this video fully aware of its 
content. Vicious, aren't we? But not only that. We're also fucking cowards. 
Suddenly discovering that there is a darkness hidden inside the very roots 
of our society is dramatic. But pretending to ignore the fact that there 
are countries in this world where atrocious massacres are part of the daily 
life seems fine. 

It was written in the US Declaration of Independence that "We hold these 



http://www.phrack.org/archives/issues/68/1.txt 



1/6 




11/19/2014 



www.phrack.org/archives/issues/68/1.txt 
truths to be self -evident , that all men are created equal How could 

that possibly be true? This morning I was at home., healthy, comfortably 
sitting in front of my computer screen., with a cup of coffee in hand. A few 
minutes later, I was working (or luxuriously pretending to be) to earn 
money that I spent in the bar that night with my friends. In the mean time., 
not so far away., people were killed, raped, mutilated. The truth is that I 
don't even care when I think about it. This morning I was pretending being 
concerned for other people, but tonight I don't give a shit anymore. 

Something must be wrong. 



-- anonymous coward / Phrack 



[1] http://www.chinapost.com.tw/china/national-news/2011/10/21/320549/ 
Chinese-girl.htm 



( Phrack Issue #68 ) 

Hello Phrackers! How are you guys doing? We hope well. We hope your latest 
exploit works reliably (again) and all your bounces are alive and pinging. 
We also hope you and your friends still are out of prison, or recently came 
out (wink wink). Us, we're doing good. Looks like we did it again and a new 
release is here. Ya-hoo. 

This release brings you an amazing selection of hacking goodies. We have 
two papers on applied cryptanalysis by greg and SysK, an area in which we 
hope to see more submissions for the next issues. We are also thrilled 
about the return of the Art of Exploitation section. And what a return; we 
have for you not one, but two detailed papers demonstrating that 
exploitation is indeed an art form. Speaking of exploitation, did you ever 
wonder what Firefox, FreeBSD and NetBSD have in common? Read the paper by 
argp & huku and find out. Are you hacking Windows' farms? Be sure to check 
the plckp0ck3t's novel approach of stealing Active Directory password 
hashes. Perhaps you prefer malware analysis and identification of malware 
families; Pouik and G0rfi31d have written a paper with a focus on Android 
malware that will satisfy you. Android is quickly becoming the standard 
mobile platform. I think it's time for an Android/ARM kernel rootkit. Start 
from dong-hoon you's paper and hack your own. styx A continues the kernel 
fun with a paper that updates truff's LKM infection techniques to 2.6.x and 
3.x Linux kernels. If for whatever reason you're afraid of messing with 
your kernels. Crossbower shows you how to create a stealthy userland 
backdoor without creating new processes or threads. 

We also believe that you will find merit with the two main non technical 
papers of this issue. Both address more or less the same topics, but from 
two totally different points of view. On one hand, we have an analysis of 
how the happiness that hacking brings to all of us can and is corrupted by 
the security industry. One the other, a call to all hackers to take a side 
between staying true to the spirit of hacking and selling out to the 
military intelligence industrial complex. Read them, think about them and 
take a side. Remember, "The hottest places in hell are reserved for those 
who in times of great moral crisis maintain their neutrality". 

Phrack World News is also making a comeback, courtesy of TCLH. In 
International Scenes we explore Korea and the past of the Greek scene. 
Loopback has increased and we decided to resurrect Linenoise as we had some 
tiny but not less interesting submissions. While being eligible for an 
issue remains hard, submitting for Linenoise may be an easier way for 
people to share tricks in the next issues. 
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We ane pnoud to have FX pnophiled in this epic issue. As an added gift, FX 
wrote a eulogy for PH-Neutral, at least in its original form. PH-Neutral, 
as all great hacker creations., lives on as long as the hackers behind it 
are fueling it with their passion. 

Speaking of hacker passion this issue re-establishes a long lost 
connection. Phrack and SummerCon are again bonded on the 25th anniversary 
of SummerCon! Shmeck and redpantz, representing SummerCon, contribute two 
papers; a history of the conference from its beginning in 1987 to this 
year, and of course one of the Art of Exploitation papers. 

Believe it or not it was _fucking_ hard to prepare this issue. It's no news 
that the mentality of the hacking community has changed., but this time we 
had to face multiple deceptions. It's not the first time., however the 
quantity makes this event scary. It demonstrates how rotten and corrupted 
the so-called spirit of some people pretending to be part of the 
underground has become. 

There's a time when you realize that you've lost count of the battles you 
lost, but you still kinda won enough to keep faith. More importantly., you 
realize that you still care. Granted., it's not the deep., mystical and life 
changing moment that movies display -- the huge pile of shit you pushed out 
of the door just before getting to sleep is still there. It maybe just 
stinks a little less. 

But we care., hell., we really care about Phrack and what it means. It costs 
time and frustration, many battles lostj it faces the two-point-oh 
revolution (lots of quality stuff goes into blogSj for immediate 
consumption) and the money drop by the security industryj but the 
satisfaction of seeing it out again is huge. YeSj we care. 

And that's not just because we're a bunch of old farts that stay attached 
to the past. We care because it's a constantj maybe feeble but constantj 
heartbeat of that world , that community that we grew up and now live in. 

You knowj that little thing called 'the Underground' that we are proud and 
honored to somehowj in partj represent. 

We've heard from many corners that 'the Underground' is dead. We'd love to 
hear those people describe what the Underground is, then. Surej things 
changej evolve. LawSj computing powerj money investedj political links, 
technology, every piece moves fast and reshapes the landscape. But if 
you're reading these lines today, if you've just finished a 36-hour 
coding, hacking marathon, you're keeping it alive. 

So thank you, for that. Thank you to the authors for finding the time of 
sharing their knowledge. Thank you to anyone that setups a new connection. 
Thank you to whomever fights for information and freedom. Thanks crews. 

Happy hacking, Phrackers. 

You guys are the BEST heartbeat in the world. 



-- the Phrack staff 
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- By the community j for the community. - 



$ cat p68/index.txt 

< ( Table of Contents ) > 

0x01 Introduction Phrack Staff 

0x02 Phrack Prophile on FX Phrack Staff 

0x03 Phrack World News TCLH 

0x04 Linenoise various 

0x05 Loopback Phrack Staff 

0x06 Android Linux Kernel Rootkit dong-hoon you 

0x07 Happy Hacking Anonymous 

0x08 Practical cracking of white-box implementations . . . SysK 

0x09 Single Process Parasite Crossbower 

0x0a Pseudomonarchia jemallocum argp & huku 

0x0b Infecting loadable kernel modules styx A 

0x0c The Art of Exploitation: 

MS IIS 7.5 Remote Heap Overflow redpantz 

0x0d The Art of Exploitation: 

Exploiting VLC j a jemalloc case study huku & argp 

0x0e Secure Function Evaluation vs. Deniability in OTR 

and similar protocols greg 

0x0f Similarities for Fun and Profit Pouik & G0rfi31d 

0x10 Lines in the Sand: Which Side Are You On in the 

Hacker Class War Anonymous 

0x11 Abusing Netlogon to steal an Active Directory's 

secrets the plckp0ck3t 

0x12 25 Years of SummerCon Shmeck 

0x13 International Scenes various 



( GreetZ for issue #68 ) 

- FX: epicness personified 

- hermit: you have our support 

- TCLH: for everything 
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- x82 : 

- anonymous authors: 

- sysk: 

- redpantz & Shmeck: 

- greg: 

- Cnossbower: 

- the plckp0ck3t: 

- huku & argp: 

- styx A : 

- Pouik & G0nfi31d: 

- scene phile writers: 

- linenoise writers: 

- our generous hoster: 

- z4ppy, ender: 

- b3n : 

- No greetZj no thankz to: 



deepest apologies for the 1 year wait 
best part of this issue 
keep submitting man! 

Phrack and SummerCon bonded again 
schooling Alice and Bob 
parasite zoologist 
be wary or he will get your hashes 
the scourge of memory allocators 
yes we are hardcore reviewers 
who the hell is G0rfi31d??? ;> 
you have big balls guyz 
Eva you're soooooooo cute :3 
a contribution not forgotten ;) 
external reviews are paid in beers 
too bad we didn't use your stuff 
you know who you are :< 



And of course many thanks to the loopback contributors :') 



( Phrack Magazine's policy ) 

phrack:~# head -n 22 /usr/include/std-disclaimer . h 

/* 

* All information in Phrack Magazine is, to the best of the ability of 

* the editors and contributor truthful and accurate. When possible, 

* all facts are checked, all code is compiled. However, we are not 

* omniscient (hell, we don't even get paid). It is entirely possible 

* something contained within this publication is incorrect in some way. 

* If this is the case, please drop us some email so that we can correct 

* it in a future issue. 



* Also, keep in mind that Phrack Magazine accepts no responsibility for 

* the entirely stupid (or illegal) things people may do with the 

* information contained herein. Phrack is a compendium of knowledge, 

* wisdom, wit, and sass. We neither advocate, condone nor participate 

* in any sort of illicit behavior. But we will sit back and watch. 



* Lastly, it bears mentioning that the opinions that may be expressed in 

* the articles of Phrack Magazine are intellectual property of their 

* authors. 

* These opinions do not necessarily represent those of the Phrack Staff. 

*/ 



( Contact Phrack Magazine ) 



< Editors : staff [at]phrack{dot}org > 

> Submissions : staff [at]phrack{dot}org < 

< Commentary : loopback[@]phrack{dot}org > 

> Phrack World News : pwned[at]phrack{dot}org < 



Submissions may be encrypted with the following PGP key: 
(Hint: Always use the PGP key from the latest issue) 



BEGIN PGP PUBLIC KEY BLOCK- 

Version: PHRACK 
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mQGiBEucoWIRBACFnpCCYMYBX0ygl3LrH+WWMl/g6WZxxwLM2IT65gXCuvOEbLHR 
/OdZ5T7Z6sO4O5b0EWkk5palZ8egNp44+Fn+ExI78cv7ML9ffwlWEAS+naQwvN2w 
0WUsfztWHZqPf4HMefX92pv+lkVcio/b0aRT51RbvD7IdYLntYb0V7RYGwCgi6On 
dD5iN+YVDMx81kUICI8kPxcD/laHZqCzFx71I//4OtZQN0ndPlOEH+C7GDfYWi4P 
DcLNlF812hlqyDf 3QCs93PQR+f u7XWAIyyo5rLHpFf uU29ZZHlOe0VR6pLDTas2Z 
zXNdU48Bhjluf4Xv0NaAYlQ5ffID4a37uIKYRn28sOwH/7P8VGD7K7EZn3MMyewo 
aPPsA/4ylQtKkaPB9iTKUlimy5ZZonPwzhNliEbIanCGfePgPz02QMG8gnId40/o 
luE0YKlGnUbIMOb6LzI2A5EuQxzGnWzDGOM3uLDLzDtBCg8oKFnUoRVuldnPEqc/ 
NQzRYjRK8R8DoDa/QZgynl9pXx4oQ3tAldI4dAQ022ajUhEoobQfUGhyYWNnIFN0 
YWZmIDxzdGFmZkBwaHDhY2sub3DnPohgBBMRAgAgBQDLnKFiAhsDBgsDCAcDAgQV 
AggDBBYCAwECHgECF4AACgkQxgxUfYgthE7RagCeL/XinVncUzgKBnDGcvo0xjIE 
YlkAoIBqC2GuYDrXxPO/KaDtXglDjd7zuQQNBEucoWIQEADrU+2GAZbWbTElblRp 
/MyoUNHm0gxOo7afqVdQe8epub/waQDlbnE+VucI7ncmQWUdD0qkkyzaXlFDlvId 
LYh/dMu4/h+nTyuCLNqoycqvflk8Dax6QOADq0BZlM51GTL6VOBnCitWCvgYCmLO 
aPOlbac31Nx0/cpWKe+YELlZss7Q+o4SBvDOyX8B78eEs62dbRAudubFQ/tjQd3z 
cXZOSli9Du9DAa2vzk8tqlc6RAs0NY4KxBu+6VW/lxvGt3iNRlFQAdya6Kx3f hog 
zVjkt3OOgND36u/9zYbMbtjtoFqSI3DR4DhZ9NbS57nuTkDqh0GDVOtxfKcc8QxH 
wyYiH47M9znHFtHHvT0PzGc2F18s3EUFvlXZUW3ikcFbkyqTgnseqv5k9YQ8FDHX 
IvBVpj8nqLi3CBADy8z2gy5n4TnyV3sfOlTT40n0GtiG3WeGb0wuMj5+hn303zgN 
/aH+ps8DvL0TGyXjsDMcTCFlfHSIxPDouSWjOkFMnumAg/nikdn3+dPCCowcLKvQ 
isYC60yKEhcYvUDiKKzXnGyM/38Kp/73RA9ZLQ3VjCSX550UCU46hF6u6Qzbd5Dk 
T8WGsPYqz4jpPzlFlMbaVki4+g5myTR8ylIIanX08mk61+lYZyj jzmlhKyhdalil 
QY4uv3EYYFDHiyd0/3ZBfkz62wADBQ//bVf698IFhoLHGCG3USyl/nHyjVUatsCx 
ZCwPlWEGzR+RP3XdqwoGFZNA4hXYy3QrlvDSytbCRDYOK2Rp3EoslGncqp3KbUhQ 
ZRBxGNbhskZ7VHOvBHIIZ7QU3TDnWLDlWs9oha8zv9XWEmaBmCjBtmRwunphwdv2 
O73pqLbW451/WAas6CuRi+VxXllQPM2nKX9DwzyWlvnU3QayO+3DwH5bfGW0Wz53 
wqMBDz9hvVaClfAzwEnPnWQxxgA6j7S9AuEv7NRLZsC6nHyGwB7vFf L4dCKt4cGn 
gYOk5RjhHVNuLDSLhVWRf cxymPRKg07harb9adrPc jD7fCKXNloPCcacG0O6vcTb 
k58MTzs3CShD58iqVczU6ssGiVNFmf nTnYiHXXvo/+36c+TizwoXDD7CNGDc+8C0 
IxKsZbxgvpFuyRRwnzn3PpGcY0I2cWZ7wN3WtFZkDi5OtsIKTXHOozmddhAwxqGK 
GURB/yI/4L7t2Kh2EaVOyRbXNa4hwPbqbFiof ihjKQlf FsYCUUW0CAOaXul4QrrC 
lGpRMQ2tabnYCfyNuLL3DwUFKinXs6SnFcSiWkn9Cpay70zx5QosV8YKpn6ojGjE 
H3Xc0RNF/wjYczOSA6547AznnS8jkVTV2WID5glExvSxIozlHU5Dcyn5faftz++y 
ZMHT0DslFMGISQQYEQIACQUCS5yhYgIbDAAKCRDGDFR9iC2ETsN0AD9D3AnYTLnd 
lvUoDsu23bN4bf7gHwCfUGDsUSAWE/G7xQaBuB50qXGcDPo= 

=cK7U 

END PGP PUBLIC KEY BLOCK 



( EOF ) 
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